WhatsApp is facing fresh scrutiny after reports claimed that a major privacy flaw may have exposed the phone numbers and profile photos of as many as 3.5 billion users worldwide. The issue was highlighted by cybersecurity researchers at the University of Vienna, who say they were able to gather billions of phone numbers using what they describe as a “simple” method that exploited WhatsApp’s contact-discovery system.
According to the researchers, the problem was linked to WhatsApp’s “Click to Chat” feature — the tool that lets users start a conversation without saving a number. When these links were generated, the associated information occasionally became visible in publicly searchable URLs. This meant that user data like phone numbers, profile pictures and even names could be accessed by external websites, search engines or third-party tools.
Since WhatsApp has more than two billion users globally, the scale of the potential exposure raised alarms. Privacy experts warn that even the leak of a phone number can open the door to spam calls, scams, impersonation attempts and targeted harassment. The idea that such basic information might have been accessible to anyone who knew where to look has sparked concerns over how secure everyday messaging platforms really are.
However, Meta — WhatsApp’s parent company — has strongly pushed back against claims of a “data leak”. Through its official Bug Bounty program, Meta said the reports were misleading and that no non-public data was ever exposed.
In a statement posted online, Meta clarified that the findings were part of a collaborative academic study, conducted with WhatsApp’s cooperation. Researchers were testing how enumeration and scraping attempts might work, and WhatsApp says it had already been working on new anti-scraping systems before the study began.
WhatsApp’s VP of Engineering, Nitin Gupta, thanked the Vienna researchers for helping stress-test the platform’s defenses. He said the research uncovered a technique that exceeded WhatsApp’s intended limits, allowing basic publicly available information to be scraped — but stressed that messages remained private and encrypted, and that there is no evidence of malicious actors misusing the bug. The researchers have also deleted the data collected during the study.
Even with Meta’s clarification, the incident underscores a larger point: even well-established apps can have loopholes that make user data vulnerable. As billions of people rely on WhatsApp for personal and professional communication, experts say it’s crucial for users to check their privacy settings regularly and stay alert to anything unusual on their accounts.
Researchers from the University of Vienna reportedly scraped 3.5 billion WhatsApp phone numbers using a flaw in the Click to Chat feature, raising global privacy concerns. Meta, however, denies any data leak and says no non-public data was exposed. Here’s what happened, what researchers found, and how WhatsApp responded.
SEO Keywords:
WhatsApp 3.5 billion leak, WhatsApp privacy flaw, WhatsApp data exposure, Click to Chat bug, WhatsApp phone numbers exposed, Meta denies WhatsApp leak, University of Vienna WhatsApp research, WhatsApp security issue, WhatsApp data privacy, WhatsApp scraping flaw.`
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
Find the best of Al News in one place, specially curated for you every weekend.
Stay on top of the latest tech trends and biggest startup news.
